SSH with ed25519

NIIBE Yutaka gniibe at
Wed Aug 12 15:46:27 CEST 2015


I forgot when I tested OpenSSH with Ed25519, but it worked at that
time.  Today, I needed a patch like this:

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 2a3037c..7526634 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1964,6 +1964,11 @@ ssh_key_to_blob (gcry_sexp_t sexp, int with_secret,
               err = gpg_error (GPG_ERR_INV_SEXP);
               goto out;
+	  if (data[0] == 0x40)
+	    {
+	      data++;
+	      datalen--;
+	    }
           err = stream_write_string (stream, data, datalen);
           if (err)
             goto out;
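
Review bot: The added test "if (data[0] == 0x40)" reads data[0] without first checking that datalen is non-zero, and it treats any leading 0x40 byte as the prefix. A key stored without the prefix whose first byte happens to be 0x40 would lose a byte and go out to SSH truncated. Suggest stripping only when the length also matches, for example when datalen is 33 (an Ed25519 public key is 32 bytes), and adding a short comment that 0x40 is the EdDSA prefix byte being removed for the SSH wire format.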

The above fix is not quite right (I think that always removing the
prefix is right), but I'm not sure if there are existing old keys.

In the git commit log, I found the following change.  I think that after
this change, we need to remove the prefix when sending to SSH.

commit 557cc11a605dd280d03c52d8b546deed8c4c714d
Author: Werner Koch <wk at>
Date:   Thu Jul 24 16:16:53 2014 +0200

    gpg: Switch to an EdDSA format with prefix byte.

    * g10/keygen.c (gen_ecc): Use "comp" for EdDSA.
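
An added example, not part of the original message and not GnuPG code: a length-aware way to drop the 0x40 prefix before building the "ssh-ed25519" public key blob, so that old keys stored without the prefix still pass through intact. The function names and the sample key bytes are hypothetical; the blob layout (string "ssh-ed25519", then string with the 32-byte key) is the standard SSH encoding.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ED25519_KEYLEN 32
#define EDDSA_PREFIX   0x40

/* Return a pointer to the raw 32-byte key inside Q, or NULL if malformed. */
static const unsigned char *
ed25519_raw_point (const unsigned char *q, size_t qlen)
{
  if (!q)
    return NULL;
  if (qlen == ED25519_KEYLEN)
    return q;           /* Old format, no prefix; byte 0 may be 0x40. */
  if (qlen == ED25519_KEYLEN + 1 && q[0] == EDDSA_PREFIX)
    return q + 1;       /* New format: skip the prefix byte. */
  return NULL;          /* Wrong length or unknown prefix. */
}

/* Write an SSH "string": 4-byte big-endian length, then the bytes. */
static size_t
put_string (unsigned char *out, const void *s, size_t n)
{
  out[0] = (unsigned char)(n >> 24);
  out[1] = (unsigned char)(n >> 16);
  out[2] = (unsigned char)(n >> 8);
  out[3] = (unsigned char)n;
  memcpy (out + 4, s, n);
  return 4 + n;
}

/* Build the public key blob in OUT.  Returns its length, or 0 on error. */
size_t
ssh_ed25519_blob (const unsigned char *q, size_t qlen,
                  unsigned char *out, size_t outlen)
{
  static const char name[] = "ssh-ed25519";
  const unsigned char *raw = ed25519_raw_point (q, qlen);
  size_t n, need = 4 + (sizeof name - 1) + 4 + ED25519_KEYLEN;

  if (!raw || outlen < need)
    return 0;
  n = put_string (out, name, sizeof name - 1);
  n += put_string (out + n, raw, ED25519_KEYLEN);
  return n;
}
```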

